The New Paradigm Shift: Software-defined Storage€¦ · Introduction keeperSAFE Overview A...
Transcript of The New Paradigm Shift: Software-defined Storage€¦ · Introduction keeperSAFE Overview A...
The New Paradigm Shift:Software-defined Storage
TM
Introduction .................................................................................................. 3
keeperSAFE Overview ............................................................................. 3
Software-defined Storage ....................................................................... 4
Tightly Integrated with Commodity Hardware ............................. 6
Architecture .................................................................................................. 7
Data Availability ........................................................................................10
Software and Microcode Upgrades ............................................10
Hardware Redundancy and Reliability ......................................10
Data Protection .........................................................................................12
Advanced Data Management with IDMT ................................14
Connectivity and Integration ...............................................................15
Reporting and Analytics .........................................................................17
Conclusion ...................................................................................................18
Table of Contents
2
Machine-generated data is the fastest-growing segment of
the mass storage data market. The digital content explosion
combined with our “data-on-demand” society is presenting
organizations with unprecedented scaling challenges. The rapid
growth of online, near line, and backup data pools has pushed
general-purpose storage systems beyond their capabilities and
has forced manufacturers and users to rethink their storage
architectures across the data storage industry.
This growth is driving storage technology innovation into the
marketplace. Keeper Technology (Keeper) has been delivering
state-of-the-art integrated technology solutions to commercial
and government customers for more than a decade, particularly
in industries that need to provide continual online access to data
in the petabyte and exabyte scale. As Keeper has grown, we have
remained focused on our core mission to provide enterprise class,
hyper-converged data storage and data management solutions
to our government and commercial customers.
Introduction
keeperSAFE OverviewA Next-Generation Platform for Exabyte-Scale Storage
Keeper introduced the first
version of kSAFE in January
2011, to address specific use
cases within our government customers for managing and
protecting the unique combination of large data with
billions of files.
The first generation of kSAFE provided capacities up to 100
TB and up to 5 billion files through a NAS presentation layer
and leveraged commodity RAID technologies for the data
storage layer. Features such as online snapshots, snapshot
recovery, local and wide-area replication were utilized in
most customer deployments.
The second-generation kSAFE became available in 2013,
and allowed for capacities up to 1 PB and file counts up to
15 billion. We also added capabilities for block access over
Fiber Channel and iSCSI presentation layers.
Our current, third-generation kSAFE began shipping in 2015,
providing virtually limitless scaling for both file counts and
capacities due to its ability to store data as scalable objects.
KeeperSAFE is the definition of a true hyper-converged architec-
ture. Building form the ground-up, Keeper has tightly integrated
open-source software defined storage into fully vetted
commodity hardware. The end result: an affordable, scalable,
and elastic appliance package featuring full compute, store,
networking, virtulization, and management capabilities in one.
This document describes the evolution of keeperSAFE (kSAFE),
a turnkey data storage appliance created by Keeper, as well as
its functions and operation. This document also addresses key
capabilities and specifications such as the product’s data access,
management, security, and other technical requirements
as well as its benefit to in-house data center operations.
This whitepaper concludes with Keeper’s application as a
purpose built data storage solution created for a
fully-integrated data management environment.
The backend storage infrastructure transitioned from RAID
technology to a ‘storage server’ infrastructure where each
storage shelf has built-in intelligence, facilitating advanced data
management and tiering, all while performing online upgrades,
online technology insertion and online technology decommis-
sioning. This generation kSAFE added native integration with
Intelligent Data Management Technology (IDMT) and native
disk encryption, amongst many other features.
Today’s kSAFE is built upon the open-source Ceph project.
Many of the core features for kSAFE follow the Ceph roadmap
including support for CephFS and BlueStore support.
Keeper makes rolling improvements for overall advancements
in management and usability of the GUI interface. Keeper
constantly evaluates new storage server platforms for
inclusion in the kSAFE ecosystem and anticipates investigating
very high-density storage solutions for availability in the near
future as well as NVMe solid-state solutions to serve as a tier
of storage for certain use cases requiring extremely low
latency combined with high scalability.
3
Software-defined Storage
Figure 1: Algorithmic Methodology of Storing and Retrieving Data kSAFE delivers extraordinary scalability with thousands of clients accessing petabytes to exabytes of data.
Infinite Capacity and Elasticity
For more than 20 years, RAID had been the go-to technology
for increasing performance while ensuring data redundancy, but
disk drive capacity has significantly outpaced access speed. In
response to this together with explosive data growth, Keeper
transitioned away from RAID as its backend storage
infrastructure in 2013.
Traditional scale-up RAID storage architectures face significant
limitations when volumes approach the petabyte level. RAID
storage solutions distribute data across sub-sets of spindles,
which are not fault tolerant by design and limit performance
scalability. Additionally, RAID recovery takes too long with
today’s large disks, and disks are only getting denser.
The Keeper storage ecosystem is an open-source,
software-based storage platform that scales across physical,
virtual, and cloud resources without limits. It is built upon the
open-source Ceph project; Ceph is an object-based storage
solution that supports scalable clusters up to the exabyte level.
Ceph bypasses the limitations of RAID in many ways – primarily
by replicating data in multiple locations and fault domains. This
uses less expensive disk controllers and avoids the problems
common with RAID and today’s large disks.
In the kSAFE environment,
objects, files, and block data
are allocated homogeneously
across disks and nodes; this
results in a very high fault
tolerance, scalability of
capacity, and data migration
with zero downtime.
Manage big, semi-structured, and unstructured
data growth while maintaining performance,
capacity, and availability.
Open-source technology provides a core capability to power
enterprise data management systems, but it takes unique
talent to bring these disparate projects together to make them
function and perform efficiently. Keeper Technology harnesses
the power of open-source within kSAFE, creating a comprehensive,
flexible, scalable, and supportable data storage solution.
The kSAFE storage architecture enables algorithms to broadly
distribute objects, files and block data homogeneously over disks
and nodes to provide maximum utilization of all system resources.
And unlike traditional RAID architectures, kSAFE supports this
amalgamated technique for system fault tolerance, which is
designed to be both self-healing and self-managing.
4
Figure 2: CRUSH Data Mapping Ceph, which is at the core of the Keeper storage ecosystem,
uses RADOS (Reliable Autonomic Distributed Object Store) to
separate objects from the underlying storage hardware. RADOS
ensures flexibility in data storage by allowing application object,
block, or file systems to interface simultaneously. The object
storage devices are not just for data access, but also allow for
serialization, replication, and failure detection.
The CRUSH (Controlled Replication Under Scalable Hashing)
algorithm is the underlying technology in the Keeper software
architecture. CRUSH deterministically computes where data can
be found and should be written. CRUSH provides a better data
management mechanism compared to older approaches, and is
better suited to hyper-scale storage.
CRUSH uses a weighted distribution methodology to determine
how data is stored, retrieved, and algorithmically allocated
between all available disks and nodes; it cleanly distributes the
work to all the clients in the cluster.
CRUSH Uses Intelligent Data Replication to Ensure
Resiliency and Elasticity
CRUSH is aware of the infrastructure and relationships between
the various components: server, rack, switch, power circuit, data
center, etc. These components are treated as fault zones, and
CRUSH places data and replica locations to ensure that the
contents are safe and accessible even if some of the components
fail. This eliminates single points of failure, and enables use of
commodity hardware to build a highly resilient storage system.
When components fail or new disks or nodes are added to the
cluster, kSAFE autonomously adjusts to the new layout and
moves data in order to re-establish even distribution and fault
tolerance. As the cluster grows by adding more disks or nodes,
the power to manage that data grows at the same pace. As more
kSAFE creates a map of the storage node cluster to homogeneously
store and retrieve data across the complete system.
clients access the cluster, the power to find data also grows.
There are literally thousands of open source projects that could
assist in the creation of the keeperSAFE appliance. Selecting the
best available and then ensuring that they operate seamlessly
together with hand-selected, best in-class hardware, requires
significant data storage industry experience as well as decades
of involvement in open source software development and
integration. As an enterprise data storage and data management
company, Keeper Technology is uniquely positioned to
qualify and integrate the best of breed open source projects
into keeperSAFE.
Infinite Capacity
kSAFE is built to scale to the exabyte level and back.
Unlimited Flexibility and Performance RADOS enables object, block, or file systems to interface
simultaneously.
Intelligent Storage Nodes Nodes actively collaborate, replicate data, consistently apply
updates, detect node failures, and migrate data.
Strategic Data Placement
The CRUSH algorithm ensures efficient data placement as data
is added, changed, and removed.
Minimal System Administration
Clustering increases performance, avoids data bottlenecks,
is self-healing and self-managing.
No Single Point of Failure
Customers have no awareness of system failures because
their data remains available.
Client
??
5
System Management Qualification
One of the unique things about combining open-source software
with data storage hardware is that the open source software has
been written very generically so that it does not depend upon any
one vendor’s implementation of hardware.
Keeper Technology provides comprehensive enclosure management
services to detect failing and failed components from disks, as well
as power supplies and system interconnects. kSAFE then promptly
and accurately displays that information on our Keeper GUI so a
systems administrator can provide the appropriate response.
Having these features is a critical differentiator when buying a
solution versus attempting to develop your own open source
solution. Without these advanced management features that
Keeper has developed, the level of effort and risk to managing a
system is immeasurable.
Keeper allows all of our customers to benefit from the agility,
elasticity, and transformative nature of today’s open-source
software combined with qualified data storage hardware in a
repeatable, supportable data storage appliance.
Hardware Qualification The Keeper Technology engineers continually run commodity
hardware solutions through an extensive evaluation process to
ensure that we present a reliable, sustainable solution to appeal
to a broad range of customers. In our initial search for a viable
platform, we investigated physical hardware reliability and
maintainability specifications as well as the availability of features
for software system information needed to detect and correct
problems and failures during normal operations. Keeper
Technology acquired several hardware platforms to evaluate
for long-term operations, and only the best platform survived.
Hardware source selection is an ongoing process to bring
new form factors and capabilities to market.
Software Development Qualification
The Keeper Technology software development team has worked
tirelessly to fill in the gaps when open source software is not
available or viable and ensure that the hardware and software
work well together. As with most products, error management and
reporting are key requirements for understanding if a system is
running properly. Keeper collects tens of thousands of data points
per hour, analyzes them, and rolls that information up into our own
intuitive management GUI that presents both software and
hardware status, performance information, and a host of
configuration and operational data.
Tightly Integrated with Commodity HardwareBecause kSAFE is based upon open source software technologies, the natural question is: Why can’t I use the same or similar open
source technologies to create my own kSAFE ‘lookalike’ product? The short answer is, ‘It is feasible, but you have to realize what you are
getting into when creating a one-off, open-source solution in an enterprise-class environment.’
Participating in the open-source community is a two-way street. There is an expectation that companies utilizing open source will dig
into the source code and contribute enhancements back to improve the quality of the open-source code. It takes time and commitment
to develop credibility within the open-source community and Keeper Technology is already there, and fully engaged through our team’s
monitoring of previous and ongoing bug-fixes, enhancements, and assistance.
Bridging the Gap Between Hardware and Software
Keeper Technology has spent tens of thousands of hours and millions of dollars in facilities and capital equipment investment to create a
sustainable, supportable data storage product line. It is one thing to install software downloaded from the Internet and make it work to some
level of functionality; it is entirely another matter to create an enterprise-class data storage solution that is tightly integrated with hardware.
Even for those customers capable of ‘rolling their own’ open source solutions, additional software development is necessary to fully integrate
the solution, and the long-term maintenance of the environment can be challenging. There is always help available from the open source
community, but the response is typically related to level of engagement with, and commitment to, the open-source community.
6
ArchitectureBecause of its Lego-like architecture, kSAFE allows the building of data storage that scales incrementally without worrying about
capacity overload or without having to undergo disruptive forklift upgrades. As components fail or new devices are added, kSAFE
autonomously adjusts to the new layout and moves data to reestablish even distribution and fault tolerance.
kSAFE natively supports OpenStack and other Linux physical and virtualized storage environments. It fully leverages a unique
combination of mature open-source data storage projects and Keeper Technology developed code, all tightly integrated with
commodity hardware, providing an open solution that is free from vendor lock-in.
Based on customer-required configuration, all hardware and software components are delivered as a complete kSAFE product.
Each storage shelf has built-in intelligence, facilitating advanced
data management tiering while mastering online upgrades, online
technology insertion and online technology decommissioning.
Key Characteristics of a kSAFE
The kSAFE storage platform provides common data storage
features and capabilities of cloud architectures, including Storage
as a Service, by providing a well-integrated and closely aligned
combination of hardware and software capabilities.
While there are no maximum limits in capacity, amount of data, or
number of files/objects kSAFE can grow to, there is a minimum base
configuration from where kSAFE can begin. An entry-level kSAFE
configuration should include:
• (1) Admin Node
• (3) Monitor Nodes
• (3) Storage Nodes
• (1) 10/40 Gb Ethernet Data Switch
• (1) 1 Gb Ethernet Management Switch
System capacity growth is accomplished through a straightforward,
on-line addition of new storage shelves, thus increasing on-line and
near-line capacities independently.
Figure 3
7
kSAFE Growth: Advanced Enterprise Configuration
kSAFE is capable of scaling in multiple dimensions. As storage nodes are added to the system, they increase the overall capacity as well as
the total number of spindles. These nodes add a balanced amount of bandwidth to the backend and frontend networks. If configuration
parameters are chosen to optimize for performance, each storage node added to the system can add as much as 1 GB/s of performance.
kSAFE gateways also support a scale-out model. For most protocols, gateways can be clustered together to achieve higher aggregate
performance. The more gateways that are added to the system, the more throughput the clients will have available and the more data
that can be pushed to the storage nodes on the back end.
All gateways, regardless of protocol (IDMT, Block, NAS, Object) are configured with a total of 4 x 10 GbE ports – connections to both the
customer network for client access and also to the kSAFE frontend network for access to the storage nodes. The CPU, memory, and local
storage are tailored to the functions of the gateway.
This model results in all gateways having approximately 1 GB/s of available performance in the system. Given that a kSAFE could scale to
many hundreds, if not a thousand or more storage nodes, and a hundred or more gateways, the performance of a full up kSAFE could be
an aggregate of well over 100 GB/s.
Keeper constantly evaluates new storage server platforms for inclusion into the kSAFE ecosystem and anticipates exploring other very
high-density storage solutions for availability in the future, with NVMe solid-state solutions to serve as a tier of storage for certain use
cases requiring extremely low latency combined with high scalability.
Figure 4: Advanced Enterprise Architecture
8
System Expandability
Scalability and ease of expansion are critical to any data-centric
organization’s overall effort to increase revenues: allowing for
organic growth in capacity in order to take on more projects and
preventing loss of business due to the system capacity overload.
The kSAFE storage platform augments the speed, ease of use, and
ultimately the time to product completion on an exponential scale.
kSAFE is capable of scaling in multiple dimensions. As storage
nodes are added to the system, they increase the overall capacity
as well as the total number of spindles. They also add a balanced
amount of bandwidth to the backend and frontend networks.
From a hardware perspective, because kSAFE is an object-based
storage system with a modular design, the system scales in
both performance and capacity by simply adding additional
storage shelves.
Intelligent Storage Nodes
The lifecycle of the overall systems can be extended and migration
efforts can be significantly shortened because storage nodes can
easily be replaced with nodes of the next generation – non-disrup-
tively while the system is online and providing uninterrupted data
services to users and applications.
What might take traditional storage systems days or weeks to add
2 PBs to the enterprise environment, with kSAFE customers can
be ready to start writing data in under an hour. Nodes actively
collaborate, replicate data, consistently apply updates, detect
node failures, and migrate data.
Other scalability and expandability features include:
• Incremental Upgrades: Upgrade individual components as
needed. Imagine initiating a project that requires a PB of
storage and where management no longer needs to buy the
entire PB. Start with 200 TBs and add increments of 200 TBs
as storage is needed, when it is needed.
• Future-proof Scalability: Easily, transparently, and incrementally
insert and remove technologies and capabilities.
• Component-based Scalability: If and when a three-year-old
4TB drive fails, simply swap it out with a newer 8TB drive.
kSAFE gives you full use of the entire drive capacity allowing
double the capacity within the same form factor.
• Performance Scaling: Being object-based storage at its core,
kSAFE performance scales by aggregating the capabilities of
all the drives in the system.
The kSAFE software scalability advantage is closely aligned with its
hardware capabilities. Scaling of the CRUSH map is infinite. There
are virtually no maximum limits in capacity, amount of data, or
number of files/objects kSAFE can grow to.
9
Data AvailabilitykSAFE leverages open source software-defined storage, commodity hardware, and a Keeper-developed management layer to deliver the
highest levels of availability possible. The distributed nature of kSAFE is fully redundant with all critical components that are replicated,
mirrored, or otherwise protected against failures.
Software and Microcode Upgrades
Software and firmware upgrades are handled with no downtime
and no disruption. If a running service is affected by a particular
software upgrade, it is performed as part of a failover or similar
fashion such that it is non-disruptive to clients of the system.
The entire software upgrade process, whether it is firmware,
microcode, or SAFEos (the kSAFE operating system), seamlessly is
managed by the kSAFE Admin Node. If the upgrade being applied
on a node causes that node to briefly be taken offline, then the
upgrade is performed in a rolling manner, thus having no impact to
clients of the system. This is one of the benefits of a software-defined
clustered system. The redundancy of the architecture allows for
one or more nodes to be taken offline either briefly or for extended
periods with no disruption in service to the clients.
Hardware upgrades are straightforward with new components
simply added to the system. New hardware is recognized by the
system, configured, brought online, and made available to the
software layers as additional resources. All of this is done with
no disruption to ongoing activities, no interruption of service,
and no downtime.
Hardware Redundancy and Reliability
The unprecedented reliability of a kSAFE environment begins with
extremely reliable hardware. Keeper continually tests and assesses
hardware offerings in the development lab and integration center
at Keeper Technology headquarters in Ashburn, Virginia.
Based on our staff’s more than 150 combined years of experience
operating and maintaining mission-level storage environments, we
qualify hardware based on a number of factors:
• Quality of manufacturing process
• Degree of redundancy internal to the node
• Ease of management
• Customer and field replaceable units
• Reliability during our own physical and runtime testing
• Third-party reviews and experiences
Based on this qualification process, only the most reliable and
easily maintainable systems are chosen as kSAFE hardware
options. Once hardware is approved, then the management
modules are written. Using low-level protocols (SNMP, IPMI, etc.)
we communicate with, monitor, and manage all levels of the
node from the baseboard management controller to fans, power
supplies, disks, boards, etc. All of this information is captured
in a database and made available for display through the GUI
and for analysis.
In a kSAFE environment, a single storage shelf can generate more than
15,000 data points per hour. In the GUI, this information is coalesced,
refined, and presented through an intelligent use of design and color
to convey the most meaningful information to the user as quickly and
easily as possible. The data from all nodes of a kSAFE also feed into the
analytics module that can present a variety of user-defined graphs as well
as perform predictive failure analysis.
Figure 5: kSAFE GUI
10
kSAFE is Architected with No Single-Points-of-Failure
In the event of hardware failure (disks or nodes) the system is able
to seamlessly proceed without downtime. kSAFE automatically
recreates new data copies (replicas) for those that have been lost
during the failure of components and data copies are available on
other locations within the system.
Additionally, this replication provides the ability to maintain and
track multiple copies of the same data in different locations for
data protection, collaboration, and/or disaster recovery.
Every critical component that would cause a disruption of service
to clients in case of failure is engineered as redundant at the
hardware node level. These include:
• Data Network Switches
• Admin Nodes
• Monitor Nodes
• IDMT Gateways
• Storage Servers
• Near Line Storage Nodes
Many of these components share additional protection through
internal hardware redundancy (power supplies, fans, etc.) and also at
the software level (erasure coding, checksums, etc.). Ultimately, the
varying degrees of kSAFE design, testing, and system architecture
exceed the stated requirement of “no single-points-of-failure.”
The No-Downtime Benefit to the Analyst
If the soul of an enterprise is in its data, then its heart is in the
user. Analysts and their tools—both deriving answers from the
continual onslaught of information—are critical to the success
of any enterprise. keeperSAFE provides a stable and reliable
information backbone, ensuring that data is accessible and
dynamically protected.
As new algorithms and approaches are proven, more compute
and storage resources are dynamically allocated in real time,
all without interruption, providing the quick reaction capability
that leads to competitive advantages, informed decisions, and
solutions. The heart and soul are satisfied, leading to tangible
advantages in efficiency and mission capabilities without
breaking the budget.
11
Data ProtectionAt Keeper Technology, data protection is taken very seriously. We employ multiple types of protection at various levels with many data
checks along the way. This is best illustrated by looking at data protection layer by layer.
Near-line tier
In the kSAFE near-line tier, data is protected through a combination of 256-bit checksums at multiple levels along with triple-redundant
local erasure coding across the disks, which, in itself has an error rate of 1 bit in 2 million years.
The checksums are stored in a hash tree with each node holding the checksums of all the blocks beneath it. This protection can be visualized
in two dimensions. Since this is archive storage and not meant to be dynamic, the erasure coding and checksum parameters are optimized for
long-term storage and are not user configurable.
Figure 6: Merkle Hash Tree
The primary tier of storage, on the kSAFE storage nodes, is
designed to be dynamic and thus, has more configurable data
protection options. At the disk level, disks can be encrypted or left
unencrypted. Encryption is performed in software and does not rely
on the more expensive self-encryption drives. Rather, encryption
can be applied to any data drives in the kSAFE, including SAS,
SATA, or SSD. The encryption is KMIP v1.1 compliant and can
store encryption keys on an external, KMIP compliant key manager.
Within kSAFE, storage pools are created on top of the disks. Each
storage pool has an administrator defined protection methodology.
Currently, the two supported protection methods are replication
and erasure coding. For replication, objects are protected by
copying them to other disks, other storage nodes, or other racks,
depending on the size of the system. The number of copies is
configurable, with the default being three copies.
For erasure-coded storage pools, objects are encoded with
redundancy information and spread across a number of disks,
nodes, or racks, depending on the size of the system. The erasure
coding parameters can be configured, but are already optimized
by the system based on configuration.
The trade-offs of changing these protection methods or
parameters are both useable space and performance. Increasing
the protection level decreases usable space, and the replication
method of protection has better performance than the
erasure-coded protection method.
ROOThash (A,B)
Chash (001)
Data Block 001
Data Block 002
Data Block 003
Data Block 004
Dhash (002)
Ehash (003)
Fhash (004 )
Ahash (C,D)
Bhash (E,F)
12
Figure 7: Erasure Coding Parameters
EC Write
EC Read
Storage at the petabyte- and
extabyte-level requires more
than data replication. By
utilizing erasure coding, data
will be encoded in the primary
OSD and then spread to the
corresponding OSDs. This
reduces storage requirements
while maintaining the same
availability, which will
dramatically save on total
cost of ownership.
If there is any data missing, Ceph
automatically reads from the parity and
then does the decoding.
obj_nameABCDEFGHI
JKLMNOPQR
obj_nameshard2
obj_nameshard3
obj_nameshard4
obj_nameshard5
DEFMNO
GHIPQR
YXYZYX
QGCPYK
OSD1 (Primary)OSD2 OSD3 OSD4 OSD5
Calculate proper stripe width
Encoding at each stripe width
encode (3,2)
ABCobj_nameshard1 JKL
CLIENT
OSD1 (Primary)OSD2 OSD3 OSD4 OSD5
decode (3,2)
obj_nameshard1
obj_nameshard2
obj_nameshard3
obj_nameshard4
obj_nameshard5
ABCJKL
DEFMNO
GHIPQR
YXYZYX
QGCPYK
CLIENT
OSD1 (Primary)OSD2 OSD3 OSD4 OSD5
decode (3,2)
obj_nameshard1
obj_nameshard2
obj_nameshard3
obj_nameshard4
obj_nameshard5
ABCJKL
DEFMNO
GHIPQR
YXYZYX
QGCPYK
DOWN
13
Advanced Data Management with IDMT
Most organizations need a dynamic and flexible data management
capability that can accommodate for policy and business need
adjustment as both technology and economic requirements
change. Keeper Technology provides one of the broadest solutions
on the market for true-tiered storage. kSAFE with IDMT (Intelli-
gent Data Management Technology) has the internal tiering and
integration capabilities to provide seamless movement of data.
The policy-based tiering and data replication features of IDMT
add data intelligence, management, and governance to digital
repositories. Its powerful analyzer engine can index and manage
existing data stores, while improving data efficiency, access,
and workflow.
Comprehensive Tiering Strategy
Leveraging multiple storage tiers is accomplished by placing data
on the tier that is most appropriate to meet business specific
objectives. Storage tiers are typically defined by the cost and
performance characteristics of the specific tier. These cost and
performance parameters then dictate what data should reside on
the target tier and for what time period.
Many solutions are severely restricted on the data parameters that
may be utilized for tier selection by making tiering determinations
solely based upon file size, age, last access time, file name, or file
extension. kSAFE with IDMT is unique in that any and all metadata
characteristics such as: technical, business, user-defined, extracted,
etc. can be used for determining where data should reside and why.
Replication and Federation
IDMT has a flexible, policy-based, replication capability. Since
policies are driven by metadata, and all metadata is treated equally
in IDMT, replication policies can be defined with nearly limitless
capabilities. Replication can be used for data protection within a
site, with practical critical alerts and real-time reporting, so that
self-healing can occur when a bad object is found. Replication
between sites and geographic regions provides data protection
against regional incidents. Unalterable audit tracking and versioning
is ideal for collaboration, security, and incident response.
Additionally kSAFE integrates with third-party appliances that can
also perform policy-based data tiering, including replicating data to
multiple disk storage repositories and replicating and/or relocating
data to tape storage systems.
Figure 8: Advanced Data Management with kSAFE with IDMT™
Role Based Access
Auto Extraction
Auto Index
Rich Search
Relationships
Versioning
Workflow
External Actions
Policies
Replication
Federation
Audit
Discover and Update
AutomateWorkflow
Ingest Discover
Transform
Manage Exploit
Collaborate
kSAFE Stack
14
File Growth with Scale-out NAS
In traditional scale-up NAS storage scenarios, an enterprise would
commit a significant investment to a large storage array, then
gradually fill up that space over time. The kSAFE scale-out NAS
approach breaks from this trend by enabling companies to expand
capacity gradually. Instead of purchasing excess capacity up front,
companies increase their investment in storage volume incremen-
tally, which is both efficient and cost effective. There is no limit to
storage capacity with scale-out network-attached storage.
Integration with Intelligent Data Management Technology (IDMT)
IDMT is a powerful data management platform, that when
integrated with kSAFE, leverages the metadata locked within a
digital asset. This metadata may be dynamically augmented
through the addition of user-defined metadata and attributes.
IDMT then enables customers to quickly access information for
a given task, actively managing and protecting data in ways that
also reduce infrastructure costs, and facilitating the broadest
framework for collaboration, whether across incompatible
systems, data types, or between remote locations.
Connectivity and IntegrationMost large organizations have a variety of systems, applications, and solutions that require
varying degrees of integration and access to a common set of data. They also have significant
history and systems use, and require a wide range of protocols and interfaces to support that
connectivity. Fortunately, very few organizations can match the variety of systems, legacy of
applications, and variations of connectivity requirements of the Federal Government.
Since Keeper Technology has over a decade of experience designing, installing, and supporting
storage systems in some of the most demanding agencies of the Federal Government, we offer
an unparalleled understanding of such requirements.
The primary storage platform, kSAFE, supports a variety of access methods and protocols:
• Block: RBD, Cinder, Glance
• NAS: NFS (v3/v4), SMB (v3)
• Object: S3, http/ReST, Swift
• File: Clustered, Shared File System
The NAS protocols can simultaneously be used to access the same data. Likewise, the Object protocols can be simultaneously used to access
the same objects. SAFEos, the Shared File System, and NAS protocols can simultaneously access the same data.
IDMT has more than 20 different defined types that can be used
for metadata. From the simple types (string, integer, Boolean) to
more specific types (date, email address, URL) to even using other
assets as a metadata type types.
The IDMT policy engine allows for advanced data management
and tiering capabilities that manage and track data as it is relocat-
ed or replicated from storage tier to storage tier and from site to
site. Complex searches can be constructed and performed, smart
data policies can be built and implemented, and simple to complex
workflows can be created and executed.
Seamless inter-operability with the Cloud
KeeperSAFE with IDMT functions as a gateway in a true hybrid
environment. Keeper delivers a scalable cloud solution capable
of integrating with RESTful protocols such as S3. Managing
storage in house improves performance, access, scale and
efficiency. KeeperSAFE efficiently leverages IDMT’s policy
engine to ensure data is easy to locate and stored in the best
location for its value.
15
Management and Monitoring
One of the unique things about combining open-source software with data storage hardware is that the open-source software has been
written very generically so that it does not depend upon any one vendor’s implementation of hardware.
The Keeper Technology software development team has worked tirelessly to not only fill in the gaps when open-source software is not
available or viable, but to ensure that the hardware and software work well together. As with most products, error management and
reporting is a key area that is required to know if a system is running properly.
Keeper Technology develops and provides comprehensive enclosure management services to detect failing and failed components from
disks, as well as power supplies, and system interconnects. That information is then promptly and accurately displayed on the kSAFE
management GUI so a systems administrator can provide the appropriate response.
kSAFE collects tens of thousands of data points per hour, analyzes them, and rolls that information up into our intuitive management GUI
that presents software status, hardware status, performance information, and a host of configuration and operational data.
Figure 9: kSAFE Dashboard GUI: Customizable, Unified Status of Hardware and Software Health
kSAFE’s GUI dashboard provides a single screen overview of the health of the system from both the hardware and software perspective, including a glimpse into performance and capacity used.
The integrated management capability of the Hardware Tab allows for drilling down to a detailed view of the underlying component infrastructure, simplifying diagnostics, system expansion, and component replacement.
16
Reporting and Analytics
The kSAFE GUI has the ability to generate
basic reports about hardware in the kSAFE
system. The Analytics tab within the
GUI provides access to a rich graphing
package that supports the generation of
user-defined graphs from any of hundreds
of parameters within the system.
Many of the thousands of telemetry data
points collected per hour by the system
can be added to graphs in support of many
types of analytics.
Another form of reporting is based on audit
trails. Audit trails of all types can be enabled
on the system. All audit information is
stored as immutable objects in the
database and, like queries, can be accessed
from the Desktop, the CLI, or through
the API with audit-specific functions. The
audit system enables complete, unalterable
tracking of all actions.
Management and Monitoring (continued)
With appropriate management modules for all node types in the system, the entire kSAFE can be installed, configured, managed,
upgraded, and replaced from the active kSAFE Admin Node. The GUI is used for the vast majority of this, supplemented by the
CLI for a few customer-specific configurations.
Software is installed and upgraded from the Admin Node. SAFEos is delivered as a single download and contains all microcode, firmware,
and SAFEos packages needed to operate the system.
In addition to management modules, monitoring modules are developed for each node type to ensure as much data about the system as
possible is available. This goes all the way down to parameters like power supply voltages, fan speeds, CPU temperatures, disk bit error
rates and temperatures, etc. All of this data adds up quickly; as much as 15,000 data points or more are generated per hour for a single
storage shelf in a kSAFE system.
Overall system health is monitored through data fusion of the information output from the OSS and the monitoring modules of
the various node types. All of this information is distilled, prioritized, and presented in an easy-to-digest form in the kSAFE GUI.
Furthermore, an SNMP monitoring station can be configured to enable receiving of SNMP traps or to support SNMP queries
of the system.
Figure 10: GUI Analytics with Rich Graphing Capabilities
Exclusive to KeeperSAFE, the Advanced Analytics Tab allows the user to create custom graphs from hundreds of selectable parameters giving instant preview to system health and performance.
17
ConclusionThe digital content explosion is presenting organizations with unprecedented scaling
challenges. Experts predict a 4300% increase in annual data generation by 2020. To manage
this big, semi-structured, and unstructured data growth, while maintaining performance,
capacity, and availability, requires ingenuity and long-term vision.
Keeper Technology has been delivering integrated technology solutions to commercial and
government customers for more than a decade, particularly in industries that need to pro-
vide continual online access to data in the petabyte and exabyte scale. As we have grown, we
have remained focused on our core mission to provide enterprise class, highly differentiated
data storage and data management solutions to our government and commercial customers.
The keeperSAFE storage architecture is a robust, highly scalable block and object storage
platform that augments the speed, ease of use, and ultimately the time to product comple-
tion on an exponential scale.
Unlike proprietary, hardware-based storage, which limits your ability to keep up with today’s
enormous data stores and requires significant investment in over-sized storage arrays,
Keeper Technology gives customers a software-defined storage platform that scales across
physical, virtual, and cloud resources.
kSAFE leverages open source, software-based storage, commodity hardware, and a Keeper
developed management layer that delivers the highest levels of availability possible. The
distributed nature of kSAFE is fully redundant with all critical components that are
replicated, mirrored, or otherwise protected against failures.
What might take traditional storage systems days or weeks to add 2 PB’s to the enterprise
environment, with kSAFE customers can be ready to start writing data in under an hour.
Our Ceph-based solution actively collaborates, replicates data, consistently applies updates,
detects failures, and migrates data.
The bottom line is Keeper allows all of our customers to benefit from the agility, elasticity,
and transformative nature of today’s open-source software combined with qualified data
storage hardware in a repeatable, supportable data storage appliance.
We have the technical talent, business experience, and long-term vision to help implement,
optimize, and manage storage infrastructures as needs evolve. We are committed to helping
our customers get the most value out of their investment in data storage, management and
security by leveraging our expertise, dedication, and enterprise-grade services and support.
18
Notice: This whitepaper contains proprietary information protected by copyright. Information in this whitepaper is
subject to change without notice and does not represent a commitment on the part of Keeper Technology. Keeper
Technology assumes no liability for any inaccuracies that may be contained in this whitepaper.
Keeper Technology makes no commitment to update or keep current the information in this whitepaper, and reserves
the right to make changes to or discontinue this whitepaper and/or products without notice.
No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical,
including photocopying, recording, or information storage and retrieval systems, for any purpose other than the
personal use, without the express written permission of Keeper Technology.
19
21740 Beaumeade Circle | Suite 150 | Ashburn, VA 20147
P [571] 333 2725 | F [703] 738 7231 | [email protected] | www.keepertech.com
Scalable. Flexible. Secure. Affordable data storage the way the cloud intended.
TM
keeperSAFE and keeperCARE are trademarks of Keeper Technology, LLC in the U.S. and other countries. Other names herein may be trademarks of their respective owners.